Cannot modify "Access Settings" such as "SSH Login" and "Bash Shell" through VAMI (https://vcsa:5480) by a newly created SSO account.

search cancel

Cannot modify "Access Settings" such as "SSH Login" and "Bash Shell" through VAMI (https://vcsa:5480) by a newly created SSO account.

book

Article ID: 378611

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Unable to modify some settings ("SSH Login" or "Bash Shell") in VAMI (vCenter Appliance Management Interface) by a newly created SSO account (not built-in account such as [email protected]) .

Error is thrown such as "Unable to authorize user".

Environment

vCenter Server Appliance

Cause

VAMI (backed by appliance management) authorization module has an own authentication based on local account (such as 'root' for example) and privileges so it is not straightforward to map SSO group to local VAMI privileges.

But 'SystemConfiguration.BashShellAdministrators' SSO group has a complete privileges to access local config in a VCSA through VAMI.

Resolution

Add the newly created SSO account into the built-in SSO group "SystemConfiguration.BashShellAdministrators".

Add the service account to the SystemConfiguration.BashShellAdministrator group:
- Log in to the vSphere Client as an administrator.
- Navigate to Administration > Single Sign On > Users and Groups.
- Select the Groups tab and locate the SystemConfiguration.BashShellAdministrator group.
- Edit the group membership and add your service account.

The SystemConfiguration.BashShellAdministrators group has the appropriate privileges to access and modify the appliance configuration (but not for vCenter-managed objects).

Feedback

thumb_up Yes

thumb_down No